package net.cofcool.chaos.server.security.spring.config;

import net.cofcool.chaos.server.common.core.ConfigurationSupport;
import net.cofcool.chaos.server.common.security.AuthConfig;
import net.cofcool.chaos.server.common.security.PasswordProcessor;
import net.cofcool.chaos.server.common.security.UserAuthorizationService;
import net.cofcool.chaos.server.common.security.exception.AuthorizationException;
import net.cofcool.chaos.server.common.util.WebUtils;
import net.cofcool.chaos.server.security.spring.authorization.JsonAuthenticationFilter;
import net.cofcool.chaos.server.security.spring.authorization.JsonLogoutSuccessHandler;
import net.cofcool.chaos.server.security.spring.authorization.SpringDaoAuthenticationProvider;
import net.cofcool.chaos.server.security.spring.authorization.SpringUserAuthorizationService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.http.HttpMessageConverters;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.cors.CorsConfiguration;

/* loaded from: input_file:net/cofcool/chaos/server/security/spring/config/SpringSecurityConfiguration.class */
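/**
 * Assembles the Spring Security filter chain for JSON-based login: CORS/CSRF toggles,
 * remember-me, URL authorization, logout, session limits and the JSON authentication filter.
 *
 * <p>Authorization model built by {@link #configure(HttpSecurity)}:
 * <ol>
 *   <li>URLs listed in {@code authConfig.springExcludeUrl()} (comma separated) are public.</li>
 *   <li>Every other request must come from a non-anonymous, authenticated caller <em>and</em>
 *       pass {@code SpringUserAuthorizationService.checkPermission(...)}.</li>
 * </ol>
 *
 * <p>Both conditions of step 2 are evaluated by a single rule. Spring Security applies the first
 * matcher that matches a request, so two separate {@code "/**"} rules would leave the second one
 * (the permission check) unreachable.
 */
public class SpringSecurityConfiguration {
    // Named after the class so that authorization-failure records can be attributed and filtered.
    private static final Logger LOGGER = LoggerFactory.getLogger(SpringSecurityConfiguration.class);
    private final HttpMessageConverters messageConverter;
    private final ConfigurationSupport configurationSupport;
    private final PasswordProcessor passwordProcessor;
    private final SpringUserAuthorizationService userAuthorizationService;
    private final AuthConfig authConfig;

    /**
     * Stores the collaborators used to build the filter chain.
     *
     * @param httpMessageConverters converters handed to the JSON login/logout components
     * @param userAuthorizationService user lookup and permission service; wrapped with
     *        {@code SpringUserAuthorizationService.of(...)} unless it already is one
     * @param configurationSupport shared configuration handed to the JSON login/logout components
     * @param passwordProcessor password handling strategy for the authentication provider
     * @param authConfig URLs and feature toggles (CORS, CSRF, login/logout/expired URLs)
     */
    public SpringSecurityConfiguration(HttpMessageConverters httpMessageConverters, UserAuthorizationService userAuthorizationService, ConfigurationSupport configurationSupport, PasswordProcessor passwordProcessor, AuthConfig authConfig) {
        this.messageConverter = httpMessageConverters;
        this.configurationSupport = configurationSupport;
        this.passwordProcessor = passwordProcessor;
        this.authConfig = authConfig;
        this.userAuthorizationService = userAuthorizationService instanceof SpringUserAuthorizationService
            ? (SpringUserAuthorizationService) userAuthorizationService
            : SpringUserAuthorizationService.of(userAuthorizationService);
    }

    /**
     * Applies this configuration to {@code httpSecurity} and builds the resulting chain.
     *
     * @param httpSecurity the builder to configure
     * @return the built filter chain
     * @throws Exception if configuring or building the chain fails
     */
    public SecurityFilterChain buildFilterChain(HttpSecurity httpSecurity) throws Exception {
        return configure(httpSecurity).build();
    }

    /**
     * Configures CORS, CSRF, authentication, URL authorization, logout, session management and
     * the JSON login filter on the given builder.
     *
     * @param httpSecurity the builder to configure
     * @return the same builder, configured
     * @throws IllegalArgumentException if a required collaborator is {@code null}
     * @throws Exception if Spring Security rejects the configuration
     */
    private HttpSecurity configure(HttpSecurity httpSecurity) throws Exception {
        Assert.notNull(this.messageConverter, "messageConverter must be specified");
        Assert.notNull(this.configurationSupport, "configurationSupport must be specified");
        Assert.notNull(this.authConfig, "authConfig must be specified");
        JsonAuthenticationFilter jsonAuthenticationFilter = new JsonAuthenticationFilter();

        // Null-safe: an unset flag leaves CORS handling off.
        if (Boolean.TRUE.equals(this.authConfig.getCorsEnabled())) {
            // applyPermitDefaultValues() accepts every origin for GET, HEAD and POST. Supply an
            // explicit origin allow-list here if the API must not be callable from arbitrary sites.
            httpSecurity.cors(cors -> cors.configurationSource(
                request -> new CorsConfiguration().applyPermitDefaultValues()));
        }
        // CSRF protection is switched off only when explicitly disabled; an unset flag keeps
        // Spring Security's default (enabled).
        if (Boolean.FALSE.equals(this.authConfig.getCsrfEnabled())) {
            httpSecurity.csrf(csrf -> csrf.disable());
        }

        httpSecurity
            .authenticationProvider(authenticationProvider(this.passwordProcessor))
            // The remember-me cookie is marked Secure, so it is only sent over HTTPS.
            .rememberMe(rememberMe -> rememberMe.useSecureCookie(true))
            .authorizeHttpRequests(registry -> registry
                .requestMatchers(StringUtils.delimitedListToStringArray(this.authConfig.springExcludeUrl(), ",")).permitAll()
                // One rule for everything else: the first matching rule decides, so the
                // authentication requirement and the permission check must live together.
                .requestMatchers("/**").access((supplier, requestAuthorizationContext) -> {
                    Authentication authentication = supplier.get();
                    // Same condition that authenticated() enforces: present, authenticated and
                    // not the anonymous placeholder token.
                    if (authentication == null
                        || !authentication.isAuthenticated()
                        || authentication instanceof AnonymousAuthenticationToken) {
                        return new AuthorizationDecision(false);
                    }
                    try {
                        // The second argument is passed as null, as before; its meaning is
                        // defined by SpringUserAuthorizationService.
                        this.userAuthorizationService.checkPermission(requestAuthorizationContext.getRequest(), null, authentication, WebUtils.getRealRequestPath(requestAuthorizationContext.getRequest()));
                        return new AuthorizationDecision(true);
                    } catch (AuthorizationException e) {
                        // A rejected permission check becomes a deny decision, never an error.
                        LOGGER.info("userAuthorizationService.checkPermission fail", e);
                        return new AuthorizationDecision(false);
                    }
                }))
            .logout(logout -> logout
                .logoutUrl(this.authConfig.getLogoutUrl())
                .logoutSuccessHandler(new JsonLogoutSuccessHandler(this.configurationSupport, this.messageConverter))
                .permitAll())
            // At most 10 concurrent sessions per user; expired sessions go to the expired URL.
            .sessionManagement(sessions -> sessions
                .maximumSessions(10)
                .expiredUrl(this.authConfig.getExpiredUrl()))
            // The JSON filter takes the position of the form-login filter in the chain.
            .addFilterAt(jsonAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
            .apply(((JsonLoginConfigure) new JsonLoginConfigure(jsonAuthenticationFilter).loginProcessingUrl(this.authConfig.getLoginUrl())).configuration(this.configurationSupport).messageConverter(this.messageConverter).filterSupportsLoginType(this.authConfig.getLoginObjectType()).unAuthUrl(this.authConfig.getUnauthUrl()).unLoginUrl(this.authConfig.getUnLoginUrl()));
        return httpSecurity;
    }

    /**
     * Creates the DAO-backed authentication provider used by the filter chain.
     *
     * @param passwordProcessor password handling strategy to install on the provider
     * @return a new provider wired to this configuration's user authorization service
     */
    public AuthenticationProvider authenticationProvider(PasswordProcessor passwordProcessor) {
        SpringDaoAuthenticationProvider provider = new SpringDaoAuthenticationProvider();
        provider.setPasswordProcessor(passwordProcessor);
        provider.setUserAuthorizationService(this.userAuthorizationService);
        return provider;
    }
}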
